Please note: This schedule is for OpenStack Active Technical Contributors participating in the Icehouse Design Summit sessions in Hong Kong. These are working sessions to determine the roadmap of the Icehouse release and make decisions across the project. To see the full OpenStack Summit schedule, including presentations, panels and workshops, go to http://openstacksummitnovember2013.sched.org.
Thursday, November 7 • 4:30pm - 5:10pm
Federated Identity

Note: This is part 1 of a 2 part session. Part 2 will take place in the same room after a short break.


It seems there are some blueprints, and corresponding wikis, that try to flesh out a design for federated identity support in keystone. Currently neither exists in OpenStack.

Let's go through the use cases, the two different approaches that have been proposed (Joe Savak @ Rackspace and David Chadwick @ University of Kent), and the primary concepts and technologies (IDPs, mapping and SAML, authentication).

1) Use Cases can be found here:

2) Concepts:
a) IDPs
b) Federation mechanism: SAML, ABFAB, OAuth
c) Attribute mapping
d) Authentication requests

3) The two different approaches:
Joe Savak @ Rackspace
bp: https://blueprints.launchpad.net/keystone/+spec/virtual-idp
wiki: https://wiki.openstack.org/wiki/Keystone_Virtual_Identity_Providers
api-spec: https://review.openstack.org/#/c/51980/

David Chadwick @ University of Kent
bp: https://blueprints.launchpad.net/keystone/+spec/federation
wiki: https://wiki.openstack.org/wiki/Keystone/Federation/Blueprint
api-spec: https://review.openstack.org/#/c/39499/

The goal for this session is to decide on one approach for keystone to pursue supporting during Icehouse.

Discussion here: https://etherpad.openstack.org/keystone-federation and here: https://etherpad.openstack.org/p/federation-flows

(Session proposed by Steve Martinelli)

Thursday November 7, 2013 4:30pm - 5:10pm
AWE Level 2, Room 201B

